Here we will learn how to Compile and Install Apache HTTP Server from source code. After that we will Configure our Server for basic functionality and Secure it for general usage.
Installing Apache HTTP Server from source code involves the following steps.
1) Installing missing dependencies
2) Adding an Apache User and Group
3) Downloading the source code
4) Unpacking & Installing
5) Post Installation Procedures
6) Installation Review
After installing Apache HTTP Server, it is recommended to view the following sections.
Securing Apache HTTP Server
Customizing Apache HTTP Server
1) Installing missing dependencies
distcache support for Apache HTTP Server requires installation of distcache.
Installation instructions here.
Otherwise you can use --disable-socache_dc in the configure options.
GDBM and NDBM support for APR-util requires installation of GDBM development package.
Installation instructions here.
Otherwise you can remove --with-gdbm and --with-ndbm=/usr/include/gdbm:/usr/lib from the list of configure options.
Lua support for Apache HTTP Server requires installation of Lua development package.
Installation instructions here.
Otherwise you can use --disable-lua in the configure options.
2) Adding an Apache User and Group
Running the Apache HTTP Server as root user is insecure and so not advisable. It is better to run the Apache HTTP Server under a system account with limited privileges. So we will create a User and Group for Apache. In the terminal, execute the following command.
# useradd -r -U -s /sbin/nologin apache -M -d /usr/local/apache2
NOTE: The home directory of apache user is set to the install directory /usr/local/apache2/. You can use a different home directory, if you wish. Make sure to perform the required changes as given here.
OPTIONS EXPLAINED -r Create a system account. System users will be created with no aging information in /etc/shadow, and their numeric identifiers are choosen in the SYS_UID_MIN-SYS_UID_MAX range, defined in /etc/login.defs, instead of UID_MIN-UID_MAX (and their GID counterparts for the creation of groups). Note that useradd will not create a home directory for such an user, regardless of the default setting in /etc/login.defs (CREATE_HOME). You have to specify the -m options if you want a home directory for a system account to be created. -U Create a group with the same name as the user, and add the user to this group. The default behavior (if the -g, -N, and -U options are not specified) is defined by the USERGROUPS_ENAB variable in /etc/login.defs. -M Do not create the user´s home directory, even if the system wide setting from /etc/login.defs (CREATE_HOME) is set to yes. -s The name of the user´s login shell. The default is to leave this field blank, which causes the system to select the default login shell specified by the SHELL variable in /etc/default/useradd, or an empty string by default. -d The new user will be created using HOME_DIR as the value for the user´s login directory. The default is to append the LOGIN name to BASE_DIR and use that as the login directory name. The directory HOME_DIR does not have to exist but will not be created if it is missing.
This will create a user and group, both named as apache. They will be created as system accounts and there will be no password set. The home directory will be set to /usr/local/apache2/ but it will not be created. The login shell will be /sbin/nologin.
3) Downloading the source code
The source code of Apache HTTP Server is available from the official website.
Let us goto http://httpd.apache.org. On the left menu, under the Download! section, click on From a Mirror. This will take us to the download page listing various download packages. Under the section containing Apache HTTP Server 2.4.9, click on httpd-2.4.9.tar.gz. This will start our download.
The downloaded file httpd-2.4.9.tar.gz will be 6.5 MB in size.
Apache HTTP Server needs APR or Apache Portable Runtime for functioning.
APR provides a predictable and consistent interface to underlying platform-specific implementations. It provides an API to which Apache HTTP Server developers may code and be assured of predictable if not identical behavior regardless of the platform on which Apache HTTP Server is built. This relieves the developers of the need to code special case conditions to work around or take advantage of platform specific deficiencies or features.
Apache allows us to use separate APR and APR-util installation for Apache HTTP Server. We just have to provide the source code of APR and APR-util and provide --with-included-apr option to the configure script. This has the following advantages.
• It prevents the Apache HTTP Server installation from breaking; that is if the APR and APR-util packages provided by operating system gets upgraded and something goes wrong.
• It allows us to use experimental features that are not provided by the official package.
For example mod_session_crypto.so is an experimental module. But using this module requires APR with built-in EVP support for OpenSSL. CentOS official repositories does not include an APR package providing EVP support for OpenSSL.
The source code of APR and APR-util are available from their official website.
Let us goto http://apr.apache.org. On the left menu, under the Download! section, click on From a Mirror. This will take us to the download page listing various download packages. Under the section containing APR 1.5.1, click on apr-1.5.1.tar.gz. This will start our download for APR v1.5.1. Again, under the section containing APR-util 1.5.3, click on apr-util-1.5.3.tar.gz. This will start our download for APR-util v1.5.3.
The downloaded files apr-1.5.1.tar.gz and apr-util-1.5.3.tar.gz will be 997 KB and 854 KB in size respectively.
4) Unpacking & Installing
Unpacking
Make sure you have copied the downloaded files httpd-2.4.9.tar.gz, apr-1.5.1.tar.gz and apr-util-1.5.3.tar.gz to directory /usr/src/. In the terminal, change to /usr/src/ directory.
# cd /usr/src
Extract the gzipped tarball containing Apache HTTP Server.
# tar -zxvf httpd-2.4.9.tar.gz
OPTIONS EXPLAINED -z filter the archive through gzip -x extract files from an archive -v verbosely list files processed -f use archive file or device ARCHIVE
Now we will have a directory httpd-2.4.9, containing Apache HTTP Server‘s source code.
Extract the gzipped tarball containing APR.
# tar --transform s/apr-1.5.1/apr/ -C httpd-2.4.9/srclib/ -zxvf apr-1.5.1.tar.gz
OPTIONS EXPLAINED --transform=EXPRESSION use sed replace EXPRESSION to transform file names. File name matching options (affect both exclude and include patterns) -C change to directory DIR -z filter the archive through gzip -x extract files from an archive -v verbosely list files processed -f use archive file or device ARCHIVE
The source code of APR will be extracted to directory httpd-2.4.9/srclib/apr/.
Extract the gzipped tarball containing APR-util.
# tar --transform s/apr-util-1.5.3/apr-util/ -C httpd-2.4.9/srclib/ -zxvf apr-util-1.5.3.tar.gz
OPTIONS EXPLAINED --transform=EXPRESSION use sed replace EXPRESSION to transform file names. File name matching options (affect both exclude and include patterns) -C change to directory DIR -z filter the archive through gzip -x extract files from an archive -v verbosely list files processed -f use archive file or device ARCHIVE
The source code of APR-util will be extracted to directory httpd-2.4.9/srclib/apr-util/.
Installing
NOTE: Installation is performed based on the rules iRULE1 and iRULE3.
Before proceeding with the installation, it is strongly recommended to read the following. So that, you may know what you are doing and its implications, rather than to understand later it is too late.
• DSO or Dynamic Shared Object
• MPM or Multi Processing Module
• Disabling unnecessary modules
In the terminal, switch to the directory httpd-2.4.9 containing extracted files.
# cd httpd-2.4.9
Apache HTTP Server does not comes with support for Digest Authentication using DBM based storage. To unofficially support this, we must modify Apache HTTP Server‘s source code.
WARNING: Modifying Apache HTTP Server's source code can result in unforeseen complications. Neither me nor Apache will be responsible for any damages caused. Do it on your own risk.
Open the file htdbm.c in directory httpd-2.4.9/support/. Look for an if-return section containing the line Username contains invalid characters. Comment out the section. It must now look as shown below.
/* if (strchr(htdbm->username, ':')) {
fprintf(stderr, "Username contains invalid charactersn");
return APR_EINVAL;
}*/
Save and close the file.
Execute the configure script as shown below.
NOTE:
• View the complete configure options for APR.
• View the complete configure options for APR-util.
• View the complete configure options for Apache HTTP Server.
• View the configure options for Apache HTTP Server from the official website.
• Default installation directory is /usr/local/apache2/. If you want to change it, use the configure option --prefix=PREFIX.
example: ./configure --prefix=/opt/apache2
• DSO or Dynamic Shared Object
• MPM or Multi Processing Module
• Disabling unnecessary modules
• If you want to disable a specific module use the configure option --disable-MODULENAME
example: --disable-lua
• If you want to enable a specific module use the configure option --enable-MODULENAME
example: --enable-lua
• The configure option --enable-mods-shared=VALUE accepts the values none, few, most, all, reallyall.
⇒ View the option wise comparison of modules.
⇒ View the table wise comparison of modules.
• The configure option --with-ldap --with-included-apr forms a single unit. This option enables compiling of modules mod_ldap.so and mod_authnz_ldap.so. If you decide to not have this feature, only remove --with-ldap but not --with-included-apr. Module mod_session_crypto.so and Apache HTTP Server itself needs the option --with-included-apr.
• The configure option --with-crypto --with-openssl --with-included-apr forms a single unit. This option enables the module mod_session_crypto.so. If you decide to not have this feature, just remove the --with-crypto --with-openssl but not --with-included-apr. Modules mod_ldap.so, mod_authnz_ldap.so and Apache HTTP Server itself needs this option.
• The configure option --with-openssl is NOT intended to enable SSL support for Apache HTTP Server. SSL support for Apache HTTP Server comes with the module mod_ssl.so which is compiled by default on all installations unless we explicitly disable it using the option --disable-ssl or --enable-mods-shared=few.
In fact what this option specifies is that, the Crypto Driver to be used with the module mod_session_crypto.so is OpenSSL Cryto Driver.
There are two Crypto drivers provided with Apache HTTP Server.
⇒ OpenSSL Cryto Driver (apr_crypto_openssl). Enabled using --with-openssl option.
⇒ NSS Crypto Driver (apr_crypto_nss). Enabled using --with-nss option.
Unless we need NSS for a specific purpose, it is always good to go with OpenSSL, considering the Interoperability Matrix given at http://howtolamp.com/lamp/httpd/2.4/openssl-nss-crypto-driver-interoperability-matrix/
# ./configure --enable-threads --enable-other-child --with-ldap --with-crypto --with-openssl --with-dbm=db4 --with-gdbm --with-ndbm=/usr/include/gdbm:/usr/lib --with-berkeley-db --with-mysql --with-sqlite3 --with-odbc --with-expat=builtin --with-iconv=/usr --with-included-apr --enable-mpms-shared=all --enable-mods-shared=reallyall
OPTIONS EXPLAINED
APR --enable-threads Enable threading support in APR --enable-other-child Enable reliable child processes
APR-util --with-ldap=library ldap library to use --with-crypto enable crypto support --with-openssl=DIR specify location of OpenSSL --with-dbm=DBM choose the DBM type to use. DBM={sdbm,gdbm,ndbm,db,db1,db185,db2,db3,db4,db4X,db5X,db6X} for some X=0,...,9 --with-gdbm=DIR enable GDBM support --with-ndbm=PATH Find the NDBM header and library in `PATH/include' and `PATH/lib'. If PATH is of the form `HEADER:LIB', then search for header files in HEADER, and the library in LIB. If you omit the `=PATH' part completely, the configure script will search for NDBM in a number of standard places. --with-berkeley-db=PATH Find the Berkeley DB header and library in `PATH/include' and `PATH/lib'. If PATH is of the form `HEADER:LIB', then search for header files in HEADER, and the library in LIB. If you omit the =PATH' part completely, the configure script will search for Berkeley DB in a number of standard places. --with-mysql=DIR enable MySQL DBD driver --with-sqlite3=DIR enable sqlite3 DBD driver --with-odbc=DIR specify ODBC location --with-expat=DIR specify Expat location, or 'builtin' --with-iconv=DIR path to iconv installation
Apache HTTP Server --with-included-apr Use bundled copies of APR/APR-Util --enable-mpms-shared=MPM-LIST Space-separated list of MPM modules to enable for dynamic loading. MPM-LIST=list | "all" --enable-mods-shared=MODULE-LIST Space-separated list of shared modules to enable | "all" | "most" | "few" | "reallyall"
configure will check our system for required dependencies, assigns values for system-dependent variables and use these values to generate the Makefile.
This configures our Apache HTTP Server source for installation with the following features.
• 3 Static modules loaded at runtime.
• 1 MPM module loaded at runtime, out of 3 MPM modules compiled as DSOs.
• 21 MPM modules loaded at runtime, out of 120 MPM modules compiled as DSOs.
Execute make.
# make
make will look at our Makefile, compile our program code and create the executables in the sequence described.
Execute the make install.
# make install
OPTIONS EXPLAINED
install
install will look for the target install in Makefile, and install MySQL Server to the specified location.
5) Post Installation Procedures
Adding Apache HTTP Server executables to system PATH
The Apache HTTP Server executables are installed in /usr/local/apache2/bin/ and they are 17 in number. We are not going to add symbolic links to each of them to /usr/bin/. Instead we will add /usr/local/apache2/bin/ to the system PATH variable.
PATH is an Environment variable and it must be available to all users; both in login and non-login shells. For this we must add a script in the /etc/profile.d/ directory.
NOTE:
• Read the difference between Environment Variable and Local Variable.
• Read the difference between Login Shell and Non login Shell.
Create a file apache.sh in /etc/profile.d/ directory with the below entry.
This is for the Bash shell.
if ! echo ${PATH} | /bin/grep -q /usr/local/apache2/bin ; then
PATH=/usr/local/apache2/bin:${PATH}
fi
Create a file apache.csh in /etc/profile.d/ directory with the below entry.
This is for C shell and Tenex C shell.
if ( "${path}" !~ */usr/local/apache2/bin* ) then
set path = ( /usr/local/apache2/bin $path )
endif
From this moment on, any new login shells or non-login shells spawned will have /usr/local/apache2/bin/ in the PATH variable. But the current shell on which we are working does not have it. Because it was spawned before the script was placed in the global profile directory. So we will have to source the script on our working shell.
I am using the Bash shell. So I executed the following command on my current terminal.
# source /etc/profile.d/apache.sh
Adding Apache HTTP Server libraries to shared library cache
The Apache HTTP Server libraries are installed in /usr/local/apache2/lib/. These libraries have already been available to the shared library cache during the install time. In addition, the envvars file in /usr/local/apache2/bin/ directory contains the necessary configurations for making these libraries available to Apache HTTP Server modules.
Setting proper permissions for DocumentRoot directory
For Apache HTTP Server to have access to the files stored in DocumentRoot directory; that is for our website to be visible, the User and Group apache must have access to the DocumentRoot directory. So let us set proper permissions for DocumentRoot directory.
Change the Owner and Group of htdocs directory to apache.
# chown -R apache:apache /usr/local/apache2/htdocs
OPTIONS EXPLAINED
-R
operate on files and directories recursively
Now there is a problem. /usr/local/apache2/htdocs/ is the system DocumentRoot directory. The contents of this directory are usually modified by the standard user from a local machine. But the standard user does not have access to this directory. So everytime we have to modify the contents of this directory, we will have to do it as root user and set proper permissions afterwards. This is an inconvenience. Performing the following steps will solve this issue.
Add the standard user’s group as a supplementary group, to the group apache.
NOTE: Replace GROUPNAME with the name of your primary group.
# usermod -G apache GROUPNAME
OPTIONS EXPLAINED
-G
A list of supplementary groups which the user is also a member of. Each group is separated from the next by a comma, with no intervening whitespace. The groups are subject to the same restrictions as the group given with the -g option.
NOTE: Adding a secondary group will only take effect after we logout and login again. So make sure you do that and come back right here.
You must have logged out and logged in again.
Provide write permission to members of apache group, so that the standard user will have write access to the DocumentRoot directory.
# chmod -R g+w /usr/local/apache2/htdocs
OPTIONS EXPLAINED -R operate on files and directories recursively g+w Set write permission for users who are members of the file's group
Still, there is a problem. If the standard user creates a file/directory inside the htdocs directory, the owner will be set to standard user and group will be set to primary group of standard user. As a result, Apache HTTP Server will not have write access to those files/directories unless we set proper permissions as root.
This can be overcome by setting SGID bit on the htdocs directory. This makes the created file/directory to retain the group ownership of directory with SGID under which it was created. Thus Apache HTTP Server will have read&write access to these file/directories. For this, execute the below command in terminal.
# find /usr/local/apache2/htdocs -type d -exec chmod g+s {} ;
OPTIONS EXPLAINED find search for files in a directory hierarchy -type File is of type: b block (buffered) special c character (unbuffered) special d directory p named pipe (FIFO) f regular file l symbolic link; this is never true if the -L option or the -follow option is in effect, unless the symbolic link is broken. If you want to search for symbolic links when -L is in effect, use -xtype. s socket D door (Solaris) -exec command ; Execute command; true if 0 status is returned. All following arguments to find are taken to be arguments to the command until an argument consisting of ‘;’ is encountered. The string ‘{}’ is replaced by the current file name being processed everywhere it occurs in the arguments to the command, not just in arguments where it is alone, as in some versions of find. Both of these constructions might need to be escaped (with a ‘’) or quoted to protect them from expansion by the shell. See the EXAMPLES section for examples of the use of the -exec option. The specified command is run once for each matched file. The command is executed in the starting directory. There are unavoidable security problems surrounding use of the -exec action; you should use the -execdir option instead. chmod change file mode bits g+s Set SetGID bit for users who are members of the file's group
Now, let us see how this setup works in a practical situation.
INITIAL CONDITIONS for htdocs directory:
• Ownership ⇒ apache:apache ; SGID set
• Permission ⇒ 775 ; ACL set
• Standard user’s primary group is added as a supplementary group to apache‘s primary group apache.
TEST1: apache creates a new file/directory inside the htdocs directory.
• Yes, able to create
• Resultant Ownership ⇒ apache:apache
• Resultant Permission ⇒ 664/775
• apache created the new file/directory; so apache can also modify them. Modified file/directory will have same ownership.
TEST 2: Standard user creates a file/directory inside the htdocs folder.
• Yes, able to create
• Resultant Ownership ⇒ USERNAME:apache
• Resultant Permission ⇒ 664/775
• Standard user created the new file/directory. So this user can also modify them. Modified file/directory will have same ownership. apache will also be able to modify the newly created file/directory, because write permission is given to the group. The resulting file/directory will have ownership apache:apache and permission mode 664/775. This goes back to condition TEST 1.
Good. It works and is perfect.
Open Apache HTTP Server‘s main configuration file /usr/local/apache2/conf/httpd.conf.
We have to make certain changes for the server to work properly.
Setting Apache HTTP Server user
Apache HTTP Server by default runs as the user root. Running Apache HTTP Server as the root user is insecure and so not advisable. So will set Apache HTTP Server to run as the standard user apache.
Look for the lines User daemon and Group daemon. Change daemon to apache. Now the lines must look as shown below.
User apache Group apache
NOTE: From here onwards, when Apache HTTP Server starts, it initially runs as root. This enables Apache HTTP Server to bind to ports 1024 and below. After that it spawns child processes(under User and Group apache) and drops privileges for handling requests. Requests are handled by child processes from this point.
Setting Servername and Port for Apache HTTP Server
The ServerName directive sets the request scheme, hostname and port that the server uses to identify itself. This is used when creating redirection URLs. ServerName is used in conjunction with ServerAlias to uniquely identify a virtual host, when using name-based virtual hosts. If no ServerName is specified, then the server attempts to deduce the hostname by performing a reverse lookup on the IP address. This may result in a hostname we never meant.
Similary if no port is specified, then the server will use the port from the incoming request. Explicitly setting these two parameters makes the server reliable and predictable.
Look for the line containing #ServerName www.example.com:80. Replace www.example.com with our machine’s hostname and uncomment the line. I am on a Desktop machine and my hostname is example.com. My line now looks as shown below.
NOTE:
• The hostname of your local machine can be found out using the command hostname. But if the machine is on a netwrork or is a server, the hostname may depend upon the DNS records.
• Replace example.com with hostname of your own machine.
ServerName example.com:80
Setting Apache HTTP Server to bind on to a specific IP Address
Apache HTTP Server by default binds to all IP addresses on all interfaces of a given system. However, it is always good to specify which address to bind to. Look for the line containing Listen 80. The IP address of my machine is 192.168.0.100. So I have modified the content as shown below.
NOTE: Replace 192.168.0.100 with IP address of your machine.
Listen 127.0.0.1:80 Listen 192.168.0.100:80
This will make Apache HTTP Server to bind to the IP addresses 127.0.0.1 and 192.168.0.100, both on port 80.
Setting a contact E-Mail address for Apache HTTP Server
The directive ServerAdmin sets the contact address that the server includes in any error messages it returns to the client. Look for the line that contains ServerAdmin [email protected]. Replace [email protected] with your contact E-mail address. I have a Desktop machine. So I decided to use the localhost mail rather than a dedicated mail address. Mine looks as shown below.
NOTE:
• It may be worth setting up a dedicated E-mail address for this.
• Replace root@localhost with your own E-mail address.
ServerAdmin root@localhost
Adding the DirectoryIndex type index.htm
Apache HTTP Server is configured by default to accept only index.html as the DirectoryIndex type. The server uses a file extension to figure out what MIME type should be send back to the requesting client. The MIME type connected with .html extension is text/html. Another extension that uses the same MIME type is .htm. So let us add index.htm as another DirectoryIndex type.
Look for the line containing DirectoryIndex index.html. Add index.htm to the end of line. Now the line must look as shown below.
DirectoryIndex index.html index.htm
Enabling htaccess directives
htaccess stands for HyperTextAccess. .htaccess refers to the default filename of distributed configuration files, that provide a way to make configuration changes on a per-directory basis. Such a file, containing one or more configuration directives, is placed in a particular directory in the DocumentRoot, and the directives apply to that directory, and it’s subdirectories.
TIP: Read more about htaccess.
Let us enable htaccess directives. Look for the line containing <Directory “/usr/local/apache2/htdocs”>. The value of AllowOverride inside this <Directory> block, is set to None. Change it to All. Now it must look as shown below.
AllowOverride All
NOTE:
• Setting AllowOverride to All is done here merely for convenience. Setting the value to All is always a security risk in shared environment.
• As an alternative, you can allow only selected directives using the directive AllowOverrideList.
• Read more about htaccess directives.
Apache HTTP Server‘s project website has provided a basic tutorial on .htaccess files.
http://httpd.apache.org/docs/2.4/howto/htaccess.html
Enabling module mod_rewrite.so
mod_rewrite.so is compiled by default on an Apache HTTP Server installation, unless we explicitly disable it using the configure option --disable-rewrite or --enable-mods-shared=few. mod_rewrite.so uses a rule-based rewriting engine, based on a PCRE regular-expression parser, to rewrite requested URLs on the fly. It provides a flexible and powerful way to manipulate URLs using an unlimited number of rules. Each rule can have an unlimited number of attached rule conditions, to allow us to rewrite URL based on server variables, environment variables, HTTP headers, or time stamps.
Rewrite rules are used commonly; especially in .htaccess files. We do not want to miss it. So let us enable the module mod_rewrite.so. Look for the line containing mod_rewrite.so. Uncomment the line, so that it looks as shown below.
LoadModule rewrite_module modules/mod_rewrite.so
NOTE: For mod_rewrite.so to be functional, make sure any of the following entries are placed in the <Directory> block of Apache HTTP Server‘s configuration file.
AllowOverride All
OR
AllowOverride FileInfo
OR
AllowOverrideList RewriteBase RewriteCond RewriteEngine RewriteMap RewriteOptions RewriteRule
Apache HTTP Server‘s project website has provided an extensive tutorial on using Rewrite rules.
http://httpd.apache.org/docs/2.4/rewrite/
Enabling extra configuration files
Apart from the main configuration file httpd.conf, there are extra configuration files included in the apache2/conf/extra/ directory.
NOTE: Read about Apache HTTP Server configuration files.
There are three essential configuration files we must enable.
httpd-default.conf
Contains the default settings for Apache HTTP Server.
httpd-info.conf
NOTE:
• Requires the modules mod_authz_core.so, mod_authz_host.so, mod_status.so and mod_info.so.
• Modules mod_authz_core.so, mod_authz_host.so, mod_status.so are compiled and enabled by default on all installations unless we explicitly disable them by using the configure options --disable-authz-core, --disable-authz-host, --disable-status respectively.
• Module mod_info.so is compiled by default on all installations unless explicitly disabled by the configure option --disable-info or --enable-mods-shared=few. It has to be enabled manually.
Contains the settings for getting information about the requests being processed by the server and configuration of the server.
httpd-mpm.conf
Contains MPM related settings.
Let us enable these three configuration files.
Look for the line containing httpd-default.conf. Uncomment the line so that it looks as shown below.
Include conf/extra/httpd-default.conf
Look for the line containing httpd-info.conf. Uncomment the line so that it looks as shown below.
Include conf/extra/httpd-info.conf
Configuration file httpd-info.conf requires the modules mod_authz_core.so, mod_authz_host.so, mod_status.so and mod_info.so. The first three modules are enabled by default. Let us enable the module mod_info.so. Look for the line referring to mod_info.so. Uncomment the line so that it looks as shown below.
LoadModule info_module modules/mod_info.so
Look for the line containing httpd-mpm.conf. Uncomment the line so that it looks as shown below.
Include conf/extra/httpd-mpm.conf
Save and close Apache HTTP Server‘s main configuration file httpd.conf.
Enabling server-status and server-info handlers
Handler server-status gives status reports for the server. Handler server-info gives all configurations of the server, including per-directory file configurations. Both these handlers requires that the configuration file httpd-info.conf be enabled, which we have already done in the above step.
WARNING: Handlers server-status and especially handler server-info can leak sensitive information related to Apache HTTP Server. They should only be used in a controlled environment like localhost and always with caution.
Open the configuration file httpd-info.conf.
Look for the section that contains server-status. Change the lines containing Require host and Require ip, so that it looks as shown below.
NOTE:
• Replace example.com with the hostname of your machine.
• Replace 192.168.0.100 with the IP address of your machine.
<Location /server-status> SetHandler server-status Require host localhost example.com Require ip 127.0.0.1 192.168.0.100 </Location>
Look for the line that contains ExtendedStatus. Uncomment the line. Now it must look as shown below.
ExtendedStatus On
This will cause Apache HTTP Server to generate full status information rather than basic.
Look for the section that contains server-info. Change the lines containing Require host and Require ip, so that it looks as shown below.
NOTE:
• Replace example.com with the hostname of your machine.
• Replace 192.168.0.100 with the IP address of your machine.
<Location /server-info> SetHandler server-info Require host localhost example.com Require ip 127.0.0.1 192.168.0.100 </Location>
Save and close the configuration file httpd-info.conf.
Install Apache HTTP Server as a Sys V init service
Create a softlink for the Apache HTTP Server daemon start/stop script apachectl to the /etc/rc.d/init.d/ directory with the name apache.
# ln -s /usr/local/apache2/bin/apachectl /etc/rc.d/init.d/apache
OPTIONS EXPLAINED
-s
make symbolic links instead of hard links
The apachectl script does not support the utility chkconfig. We have to manually add support for it. Open the apachectl script in a text editor. Below the shebang line(#!/bin/sh), add the following content.
# # Comments to support chkconfig # chkconfig: 2345 85 15 # description: Apache HTTP Server # # Comments to support LSB init script conventions ### BEGIN INIT INFO # Provides: httpd # Required-Start: $local_fs $remote_fs $network $named # Required-Stop: $local_fs $remote_fs $network # Should-Start: distcache # Short-Description: start and stop Apache HTTP Server # Description: Apache HTTP Server ### END INIT INFO
NOTE:
• Line chkconfig: 2345 85 15 specifies that this service will be enabled in runlevels 2,3,4,5 by default. Also it will be started in 85th of order and killed in 15th of order among other services. This order is decided in a way, so that Apache HTTP Server does not abort startup or shutdown abnormally due to other dependent processes.
• LSB init script conventions comes from Linux Standard Base.
Save and close Apache HTTP Server‘s main configuration file httpd.conf.
Add apache as Sys V init service.
# chkconfig --add apache
OPTIONS EXPLAINED
--add
This option adds a new service for management by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry as specified by the default values in the init script. Note that default entries in LSB-delimited ’INIT INFO’ sections take precedence over the default runlevels in the initscript; if any Required-Start or Required-Stop entries are present, the start and stop priorities of the script will be adjusted to account for these dependencies.
This option adds apache as a Sys V init service to be managed by chkconfig. When a new service is added, chkconfig ensures that the service has either a start or a kill entry in every runlevel. If any runlevel is missing such an entry, chkconfig creates the appropriate entry as specified by the default values in the init script.
chkconfig also creates the following softlinks for our apache script to the corresponding runlevel directories.
/etc/rc.d/rc0.d/K15apache
/etc/rc.d/rc1.d/K15apache
/etc/rc.d/rc2.d/S85apache
/etc/rc.d/rc3.d/S85apache
/etc/rc.d/rc4.d/S85apache
/etc/rc.d/rc5.d/S85apache
/etc/rc.d/rc6.d/K15apache
NOTE:
K15apache – K stands for Kill. 15 implies mysql will be killed in 15th of the order. This is intended for runlevels 0(shutdown), 1(single-user mode), 6(reboot). So apache service will be killed in runlevels 0, 1 and 6.
S85apache – S stands for Start. 85 implies mysql will be started in 85th of the order. This is intended for GUI/custom runlevels 2, 3, 4, 5. So apache service will be started in runlevels 2, 3, 4 and 5.
Finally, start the apache service.
# service apache start
View our first webpage
Now, let us view our first webpage. In the directory /usr/local/apache2/htdocs/, create a file named index.html with the below content.
<html> <h1> Hello world!! </h1> <body> This is my first web page</body> </html>
Open the web browser and type in the hostname of the machine.
We must see our newly created webpage. I have my webpage accessible at http://example.com.
6) Installation Review
Install location
/usr/local/apache2/
PID file
/usr/local/apache2/logs/httpd.pid
Service file
/etc/rc.d/init.d/apache
Default Ports
80 – Plaintext communication
443 – SSL/TLS communication
Executables
Listed and explained
Configuration files
Listed and explained
Log files
Listed and explained
Display information on loaded modules
# httpd -M
Display information on VirtualHost configuration
# httpd -S
Display information on Server Version and Build parameters
# httpd -V
Display information on Server configuration
Goto the below URL in web browser
NOTE: Replace HOSTNAME with the hostname of your machine.
http://HOSTNAME/server-info
Display information on Server status
# service apache status
OR
Goto the below URL in web browser
NOTE: Replace HOSTNAME with the hostname of your machine.
http://HOSTNAME/server-status
After installing Apache HTTP Server, it is recommended to view the following sections.
Securing Apache HTTP Server
Customizing Apache HTTP Server
